REMARKS 



This amendment is submitted in connection with the accompanying Request for 
Continued Examination ruiher than in response to a rejection from the examiner, in the 
last communication from the Patent Office, the examiner allowed claims 1-8 and 
requested payment of the issue fee. 

In this amendment, the original independent claims 1, 5, and 7 have been 
amended, as explained below. In addition, dependent claim 4 has been amended. 
Furthermore, new claims 9 through 50 have been added which includes new independent 
claim 11,31,36,41 and 46. 

With respect to the amendments of independent claims 1, 5 and 7, the first two 
amendments to claim 1 simply recognizes that the recitation "each having a dynamically 
allocated ... address" more correctly should describe computers rather than the computer 
users. 

The description of the administrative module has been amended to recite that the 
regular accounts have varying amounts of administrative privileges which is broader than 
specifying exactly what each category of such privileges actually is. The new dependent 
claims 9, 10, 29, 30, 35 and 40 specify the privileges. 

The first proxy server has been amended to state that it is not necessarily in each 
and every user computer but rather in "one or a plurality" of such user computers. 
Dependent claims 12 (dependent on new independent claim 1 1 discussed below), 14 
(dependent on independent claim 1), 16 (dependent on independent claim 5) and 18 
(dependent on independent claim 7) recite the scenario wherein the first proxy server is in 
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each and every user computer, which the version that existed prior to this amendment. 
The version where the first proxy server is in fewer than every user computer, and in fact 
can be in a single user computer, is supported by and suggested by the disclosure as 
evidenced by page 4, next to the last paragraph, wherein the disclosure states that '"'FIG. 
5A shows the use of proxy chaining with one deployed Gargoyle or first proxy server for 
outbound interception enforcement for a group of HTTP clients with every web user 
using the first proxy server's account and having the same level of access and 
configurations." Gargoyle is the name of the system of the present invention. 

With respect to the second proxy server, five amendments have been made. In the 
first amendment, it is recited "a second proxy server without the administrative module" 
rather than without any administrative module. This broadening amendment is intended 
to include the situation wherein the second proxy server does not have the administrative 
module previously referred to in the claim (i.e. the Gargoyle administrative module) but 
may have a different administrative module. This scenario is contemplated by the patent 
disclosure as evidenced by FIG. 4A which is described as illustrating the scenario where 
"the first proxy server is the firewall system (Gargoyle) and is configured to be connected 
to another HTTP proxy server " See page 1 1 lines 12-14 of patent application disclosure. 
Page 12 of the patent disclosure at lines 9-1 1 also states: "Under this system, the only 
way to connect to the Internet is to first connect to the first proxy server (Gargoyle) and 
then be forwarded to the ISP-based HTTP proxy server, then to the Internet." 
Furthermore, FIG. 4A states specifically that the other proxy server is located at the 
Internet Service Provider (ISP). It is well known to persons skilled in the art that any 
proxy server must have its own administrative module. 
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Second, there is also a technical amendment to refer to the friendly and unfriendly 
lists using the definite article "the" since said lists were previously introduced. 

In the third amendment regarding the second proxy server, the local area network 
is now introduced with the definite article "the" since the claim is referring to the 
previously introduced local area network. Fourth, the word "system" has been deleted as 
an adjective describing the LAN, since it was confusing and/or incorrect to have that term 
follow the phrase "local area network" that way. In the fifth amendment, the revised 
claim recites that the Internet Service Provider of the local area network is what is being 
referred to by the phrase "its local area network" and therefore the word "its" has been 
deleted. 

Dependent claim 4 has also been amended to recite that the system is also 
compatible with a local area network and with a virtual network connection. Thus the 
phrase "virtual network connection" is proposed to replace the phrase "network line 
connection". 

Also, regarding independent claims 5 and 7, the word "harmless" is being 
changed to "unimportant" and the phrase "highly sensitive resource" is being changed to 
"important resource". Thus, inbound communications are arranged so that an actual 
location of an "important resource" is located in an unpublished location and wherein ... 
unapproved users are not listed in the unfriendly inbound list and have their request sent 
to a published address that contains "unimportant" rather than "harmless" information. 
These changes are simply intended to be more precise. For example, a highly sensitive 
resource is obviously an important resource. The term Unimportant information" is 
more precise than the term "harmless information". 
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New independent claim 1 1 is the same as independent claim 1 except that 
independent claim 1 1 has only one proxy server, called "first proxy server" and does not 
have a second proxy server. This is supported in the disclosure by FIG. 3A and in the 
paragraph that is located from line 20 of page 10 through page i i iine 7. 

Among the remaining dependent claims not already discussed, claims 13, 15, 17, 
19-22, 24, 26, 28 are simply recitations of the element that 'the range of access levels 
ranges from maximum 100% access to full suspension". Thus these claims recite the 
identical element as the element recited in old claim 8 except that these claims depend 
from different claims than the claim that claim 8 depends from. 

Claims 23, 25 and 27 simply recite that "the system is compatible with diaJup 
modem connection to the Internet, a local area network and with virtual network 
connection", which is the identical element recited in proposed amended claim 4 except 
that these claims depend from claims that are not the same as the claim that dependent 
claim depends from. 

Independent claim 31 is identical to independent claim 5 with the exception that 
for arranging inbound communications "approved users are not listed in the first proxy 
server in the friendly inbound list and are sent by the first proxy server to the replacement 
location" instead of the language "approved users are listed in the first proxy server in the 
unfriendly inbound list". Similarly, unapproved users are listed in the friendly inbound 
list rather than being not listed in an unfriendly inbound list. 

This difference is suggested by and is inherent in the disclosure. At page 7, last 
paragraph of the disclosure the following is the usual way described in claims 1 and 11 of 
filtering and firewall security (and it also reflects the outbound list setups for claims 41 
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and 46). Note that clarifying words from other parts of the disclosure have been inserted 
in brackets to relate the paragraph more explicitly relate to inbound communications: 

"A friendly [i.e. inbound] list means a list of preferred names of entities such as 
[client addresses or subsets of client addresses,] URLs or subsets of URLs. A match with 
a friendly [i.e. inbound] list results in the [approved client's] requested URL being 
forwarded. [The rest of the requests are by disapproved clients who will be stopped or 
forwarded to replacement URL's.] An unfriendly [i.e. inbound] list is a list of non- 
preferred names of entities such as [client addresses or subsets of client addresses,] URLs 
or subsets of URLs. A match with an unfriendly [i.e. inbound] list results in the request 
not being forwarded to the destination - instead being terminated or forwarded 
elsewhere." 

The whole point of the friendly and unfriendly lists is to silently route privileged 
(friendly) users to important resources and to allow the access of unprivileged 
(unfriendly) users to unimportant resources using different permutations. Claim 5 is one 
way of accomplishing this. Claim 31 is just a different (converse) way of accomplishing 
the same thing as claim 5. Note that the system of claims 5 and 7 are discussed in the 
second and third paragraphs of page 8 of the disclosure and on page 10 concerning FIG. 
2. The way outlined in claim 31 is more useful in commercial settings where massive 
number of anonymous users are going to a web site such as news portals or sites. In 
accordance with claim 31, one cannot register millions of people so the non-registered 
users are the approved users. 

Similarly, new independent claim 36 is identical to independent claim 7 with the 
exception that for arranging inbound communications "approved users are not listed in 
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the first proxy server in the friendly inbound list and are sent by the first proxy server to 
the replacement location" instead of the language "approved users are listed in the first 
proxy server in the unfriendly inbound list". 

As previously stated, the whole point of the friendly and unfriendly lists is to 
silently route privileged (friendly) users to important resources and to allow the access of 
unprivileged (unfriendly) users to unimportant resources using different permutations. 
Claim 7 is one way of accomplishing this. Claim 36 is just a different (converse) way of 
accomplishing the same thing as claim 7. The way outlined in claim 36 is more useful in 
commercial settings where massive number of anonymous users are going to a web site 
such as news portals or sites. In accordance with claim 36, one cannot register millions of 
people so the non-registered users are the approved users. 

Thus, for the same reason given as to new independent claim 31, independent 
claim 36 is suggested by and is inherent in the disclosure. 

Dependent claims 32 through 34 depend from independent claim 31 in the same 
way that dependent claims 21 , 23, 24 depend from claim 25 (directly or indirectly). 
Similarly, dependent claims 37 through 39 depend from independent claim 36 in the 
same way that dependent claims 21, 23, 24 depend from claim 25 (directly or indirectly). 

New independent claim 41 is identical to original independent claim 1 (proxy 
chaining), as revised herein, except that new independent claim 41 is limited to outbound 
communications only. Similarly, new independent claim 46 is identical to original 
independent claim 1 1 (a single proxy sevrer), except that new independent claim 46 is 
limited to outbound communications only. 

The system of the present invention supports the use of the system with only 
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outbound lists. In particular, the use of inbound lists may be irrelevant for networks with 
a single user. 

The original patent disclosure supports claims 41 and 46 and the claims 42-45 and 
47-50 which are dependent thereon. In page 12 lines 3-5 of the patent disclosure, when 
discussing proxy chaining, the disclosure states: "Most commonly, the user computer is 
connected to the ISP through a modem connection and the first proxy server is installed 
and configured on this single computer." The idea of the user computer being connected 
to the ISP through a modem connection directly suggests a scenario limited to outbound 
communications since it well known that a modem connection normally is used for 
outbound communications. 

In addition, the patent disclosure provides additional support for a scenario of 
only outbound communication in the connect of a single proxy server (claim 46) at page 
10 lines 1? through page 1 1 line 4 discussing FIG. 3B which entails dialup modem access 
to the Internet for a single user. Again, a modem connection normally is used for 
outbound communications only. Page 8 lines 7-8 of the disclosure already explained 
that *'[i]f [the requesting client] is an internal client then the outbound list is used as a 
reference point ..." 

Dependent claims 42-45 and 47-50 mirror dependent claims 9, 21, 23, and 24. 

Finally, claim 7 has the additional clarifying amendment at the last paragraph of 
the claim recites that "approved users are listed in the first proxy server in the unfriendly 
inbound list rather than "as unfriendly". Also, a grammatical change was made in 
independent claims 1, 5 and 7 in the paragraph introducing the first proxy server. This 
grammatical change, which occurs in the bolded word herein, is to remove a plural of the 
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word list in the clause "the friendly outbound list, the unfriendly outbound list, the 
friendly inbound list and the unfriendly inbound lists being uniquely configurable by 
each user." 

It is respectfully submitted that claims 1-50 are aiiowabie over the prior an just as 
original claims 1-8 are. For example, revised independent claims 1 and 5 and their 
respective dependent claims, and new independent claims 31 and 41 and their respective 
dependent claims, all recite a second proxy server without the administrative module of 
the first proxy server in the environment of filtering internet usage via friendly and 
unfriendly lists. Independent claim 31 is similar to original independent claim 5 which 
was allowed. Independent claims 1,5,31 and 41 and their associated dependent claims 
all involve a system having two proxies that differ with respect to the administrative 
module and have a network communication link between them 

Independent claim 36 is similar to original independent claim 7 which was 
allowed. Independent claim 1 1 has all of the features of claim 1 except for the second 
proxy server. Independent claim 46 is like independent claim 1 1 except it is for outbound 
only. 

Since all of the foregoing amendments are understood to place the application in 
condition for allowance, their entry is submitted to be appropriate and is respectfully 
requested. 

Dated: April 29, 2004 Respectfully submitted, 




Steven Htfrow/tz, Attorney for Applicant 
Registration No. 31,768 
295 Madison Avenue, Suite 700 
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